diff options
| author |   Martin André <m.andre@redhat.com> | 2017-06-13 15:35:16 +0200 |
|---|---|---|
| committer | Martin André <m.andre@redhat.com> | 2017-06-30 08:14:51 +0200 |
| commit | d53feb830bcbfa35722c0eac5937b5157628c827 (patch) | |
| tree | 387b00884cfa64460fd4be4859d83dbd2c833623 | |
| parent | 1847a014232afa726d01b3f75f46eec7b5444a45 (diff) | |
Bind mount needed cert for haproxy
haproxy needs the deployed SSL cert file to function when TLS is
enabled.
It is also required for the docker-puppet haproxy container since the
haproxy puppet module uses a validate_cmd to check the generated config
file is valid that fails when the required SSL cert is not present.
There is no clean way to disable this feature [1] so we need to bind
mount the cert into the container.
[1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57
Change-Id: Id2df144b678769def204961236624091d4e5c457
| -rw-r--r-- | docker/services/haproxy.yaml | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index 242f0751..5831fe89 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -42,6 +42,11 @@ parameters: default: /dev/log description: Syslog address where HAproxy will send its log type: string + DeployedSSLCertificatePath: + default: '/etc/pki/tls/private/overcloud_endpoint.pem' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string RedisPassword: description: The password for Redis type: string @@ -93,6 +98,12 @@ outputs: list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyConfigImage} ] + volumes: &deployed_cert_mount + - list_join: + - ':' + - - {get_param: DeployedSSLCertificatePath} + - {get_param: DeployedSSLCertificatePath} + - 'ro' kolla_config: /var/lib/kolla/config_files/haproxy.json: command: haproxy -f /etc/haproxy/haproxy.cfg @@ -109,6 +120,7 @@ outputs: volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} + - *deployed_cert_mount - - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/haproxy/etc/:/etc/:ro |